diff --git a/.github/workflows/addToAPMProject.yml b/.github/workflows/addToAPMProject.yml
index f13634df..6b609678 100644
--- a/.github/workflows/addToAPMProject.yml
+++ b/.github/workflows/addToAPMProject.yml
@@ -10,6 +10,17 @@ jobs:
 add_to_project:
 runs-on: ubuntu-latest
 steps:
+ - name: Get token
+ id: get_token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ with:
+ app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+ private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+ permissions: >-
+ {
+ "organization_projects": "write",
+ "issues": "read"
+ }
 - uses: octokit/graphql-action@v2.x
 id: add_to_project
 with:
@@ -27,7 +38,7 @@ jobs:
 contentid: ${{ github.event.issue.node_id }}
 env:
 PROJECT_ID: "PVT_kwDOAGc3Zs0VSg"
- GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }}
+ GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
 - uses: octokit/graphql-action@v2.x
 id: label_team
 with:
@@ -50,4 +61,4 @@ jobs:
 value: "6c538d8a"
 env:
 PROJECT_ID: "PVT_kwDOAGc3Zs0VSg"
- GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }}
+ GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
diff --git a/.github/workflows/addToDocsProject.yml b/.github/workflows/addToDocsProject.yml
index 7c3f0f5c..e1b74147 100644
--- a/.github/workflows/addToDocsProject.yml
+++ b/.github/workflows/addToDocsProject.yml
@@ -11,6 +11,17 @@ jobs:
 runs-on: ubuntu-latest
 if: github.event.label.name == 'Team:Docs'
 steps:
+ - name: Get token
+ id: get_token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ with:
+ app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+ private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+ permissions: >-
+ {
+ "organization_projects": "write",
+ "issues": "read"
+ }
 - uses: octokit/graphql-action@v2.x
 id: add_to_project
 with:
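Review bot: The new `Get token` step in addToAPMProject.yml narrows the installation token with `permissions` but not by repository, so `issues: read` presumably covers every repository the app installation can reach. If the workflow only needs the issue from its own repository, the step could add `repositories: '["${{ github.repository }}"]'` next to `permissions` (input name as I recall it from tibdex/github-app-token v2; confirm against the pinned release). The identical step added to addToDocsProject.yml and labeler.yml has the same gap. A one-line comment above the step saying which later step needs `organization_projects: write` would help keep the scope minimal when the workflow changes.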
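Review bot: `GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}` in the `add_to_project` step hands the app token to `octokit/graphql-action@v2.x`, which is referenced by a mutable ref, while the action that mints the token is pinned to a commit SHA. If `v2.x` is moved, the new code runs with `organization_projects: write`, so the consuming action should be pinned the same way: `uses: octokit/graphql-action@<full-commit-sha> # v2.x`. This applies equally to the `label_team` step in the third hunk and to the `add_to_project` step in addToDocsProject.yml. The `with:` blocks of these steps start outside the hunks shown.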
@@ -28,4 +39,4 @@ jobs: contentid: ${{ github.event.issue.node_id }} env: PROJECT_ID: "PVT_kwDOAGc3Zs0iZw" - GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ steps.get_token.outputs.token }} \ No newline at end of file diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 4bf1b698..7480e3a8 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -4,8 +4,6 @@ on: types: [opened] pull_request_target: types: [opened] -env: - MY_GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }} permissions: contents: read @@ -16,6 +14,18 @@ jobs: triage: runs-on: ubuntu-latest steps: + - name: Get token + id: get_token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + with: + app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }} + private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }} + permissions: >- + { + "members": "read", + "organization_projects": "write", + "issues": "read" + } - name: Add aws-λ-extension label uses: github/issue-labeler@v3.4 with: @@ -31,7 +41,7 @@ jobs: usernamesToExclude: | apmmachine dependabot - GITHUB_TOKEN: ${{ secrets.APM_TECH_USER_TOKEN }} + GITHUB_TOKEN: ${{ steps.get_token.outputs.token }} - name: Show team membership run: | echo "::debug::isTeamMember: ${{ steps.checkUserMember.outputs.isTeamMember }}" @@ -50,3 +60,5 @@ jobs: project: 'https://github.com/orgs/elastic/projects/454' project_id: '5882982' column_name: 'In Progress' + env: + MY_GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
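Review bot: The `Get token` step added to the `triage` job in labeler.yml runs under `pull_request_target` (visible as context in the first labeler.yml hunk), so `OBS_AUTOMATION_APP_PEM` and a token with `organization_projects: write` are available on runs opened from forks. That is only safe while no step in this job checks out or executes pull-request head code; the rest of the job lies outside the hunk, so this could not be confirmed here. I would record the constraint above the step, e.g. `# pull_request_target: secrets are available on fork PRs; never check out or run PR head code in this job`. `github/issue-labeler@v3.4` on the line after the new step is also referenced by tag rather than commit SHA, unlike the token action.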